RSA helps meet CSF 2.0 security standards

  • May 14, 2024
  • Steve Rogerson

RSA announced product enhancements at last week’s RSA Conference in San Francisco to help organisations meet the Nist Cyber-security Framework 2.0 security standards and eliminate passwords.

Nist CSF 2.0 provides public and private sector organisations with best practices to refine their cyber-security architecture and defend themselves from the most frequent and highest-impact attacks. Specifically, CSF 2.0 addresses a threat landscape now dominated by identity-driven threats and makes recommendations to counteract them.

“Nist CSF 2.0 makes it clear that, no matter the size and no matter the sector, every organisation is only as secure as its identities,” said RSA CEO Rohit Ghai. “The most recent framework represents a new gold standard for developing cyber resilience in the age of AI, demonstrates why every organisation needs a unified identity platform to account for an extended threat landscape, and details how all organisations can implement those recommendations to adapt to far more dangerous threats.”

In a video (www.rsa.com/resources/videos/cyber-resilience-in-the-age-of-ai), Ghai noted that, after examining the root causes of recent data breaches, the data were getting too hard to ignore.

“The impact of incidents too dire to fathom,” said Ghai. “Securing identities is an absolute imperative,” he added, before sharing implementation guidance for CSF 2.0.

At the conference, RSA demonstrated the identity security capabilities that organisations need to evolve their cyber-security practices and meet the highest CSF maturity tiers, including:

  • AI- and ML-driven risk intelligence to defend against advanced identity threats
  • Risk-based identity governance and administration to identify and mitigate excess entitlements and ensure compliance
  • A broad range of phishing-resistant and passwordless authentication capabilities to support the needs of hybrid, remote and third-party users
  • Automated joiner-mover-leaver workflows that provision birthright- and role-based entitlements and that revoke access upon exit, ensuring least privilege is maintained throughout the user lifecycle.

At the conference, RSA introduced enhancements that will expand on secure passwordless authentication; these will be available this year:

  • Authenticator app to support mobile passkeys: this summer, the RSA authenticator app for iOS and Android will support device-bound FIDO passkeys, providing security-conscious organisations with a passwordless alternative to synched passkeys
  • Secure self-service credential recovery: a workflow that will allow users to pre-register a second FIDO authenticator or use synched passkeys without help desk support
  • Bring-your-own-authenticator (BYOA) combined with security: RSA customers can use third-party authenticators – including FIDO2, FIDO U2F or OATH HOTP – as part of their RSA ID Plus (www.rsa.com/products/id-plus) deployments while still leveraging decades of RSA’s security-first pedigree and proprietary options to fortify the use of open standards

These pending enhancements follow secure passwordless capabilities that RSA has recently released. These include QR code-based authentication, an expanded access policy for ID Plus that provides support for passwordless across the platform, and the DS100 (www.rsa.com/resources/datasheets/id-plus-ds100-authenticator), a dual-protocol authenticator combining FIDO2 software and OTP hardware authentication in one device.

“The only obituary I ever want to read is the one that’s written for passwords,” said RSA chief technology officer Jim Taylor. “We know how security-first enterprises operate, and we know why they’ve historically questioned whether passwordless is secure enough for enterprise use. They’re right to wonder; not all passwordless authentication is created equal. Organisations need secure passwordless capabilities that cover all users and use cases.”

Launched last week, the 2024 RSA ID IQ survey (www.rsa.com/rsa-conference-2024) is asking users to assess their organisations’ identity security architecture, quantify the costs of identity-related data breaches, predict AI’s cyber-security potential and more. Responses will be kept confidential and aggregated into a report detailing the main findings.

“The tech industry shapes identity, and identity shapes the world,” said RSA CMO Laura Marx. “We’re launching the 2024 RSA ID IQ survey because the rise of AI, escalating threats and the quest for passwordless are fundamentally changing identity, and our research will demonstrate the new risks, opportunities and realities that will result from that change.”

The 2023 RSA ID IQ report (www.rsa.com/resources/reports/2023-rsa-id-iq-report) received more than 2300 responses from across more than 90 countries and found that nine in ten respondents believed AI would have a significant role in improving identity security.

The AI-powered RSA (RSA.com) unified identity platform protects secure organisations from high-risk cyber attacks. RSA provides the identity intelligence, authentication, access, governance and lifecycle capabilities needed to prevent threats, secure access and enable compliance. More than 9000 security-first organisations use RSA to manage more than 60 million identities across on-premises, hybrid and multi-cloud environments.